Abstract: A method and apparatus for performing a reverse name lookup in a file system is described. A file system driver executing on the computing system agent may receive a reverse name lookup request for an inode number. The file system driver retrieves a disk inode, corresponding to the inode number, a first block number of a first directory entry (dentry), the first dentry identifying directory data blocks where the inode number and a file name are stored. The file system driver searches the first dentry for the inode number to find the corresponding file name, and retrieves the file name from the first dentry.

Abstract: A computer-implemented method for implementing an archiving-platform-specific storage interface. The method may include defining an application programming interface specification for a specific archiving platform. The method may also include providing the application programming interface specification to a storage system vendor. The method may further include archiving, using the specific archiving platform, data to a storage system provided by the storage system vendor. Archiving the data may include calling an application programming interface that complies with the application programming interface specification and communicating with the storage system through the application programming interface. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for creating selective snapshots may include (1) determining that a snapshot has been taken of a volume of data that includes at least one file, (2) identifying a first attempted modification to a first block of the file, (3) determining, based on a block map of the file, that the first block falls within a scope of the snapshot, (4) copying the first block before the first attempted modification for use in the snapshot, (5) identifying a second attempted modification to a second block of the file, (6) determining, based on the block map of the file, that the second block does not fall within the scope of the snapshot, and (7) allowing the second attempted modification without first copying the second block for use in the snapshot. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting illegitimate out-of-band authentication attempts may include 1) identifying a text message that includes a confirmation code for an out-of-band authentication procedure, 2) detecting an attempt to access the text message, 3) determining that the attempt to access the text message was configured to avoid user participation, and 4) performing, in response to determining that the attempt to access the text message was configured to avoid user participation, a remediation action that addresses an illegitimate out-of-band authentication attempt that includes the attempt to access the text message. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.

Abstract: A computer-implemented method for detecting abnormal behavior of networked devices may include identifying a purpose-built device expected to have a predictable pattern of behavior on a network, determining a baseline pattern of behavior of the purpose-built device, monitoring the network to detect a behavior of the purpose-built device and comparing the behavior to the baseline pattern of behavior of the purpose-built device in order to determine that the behavior may be an abnormal behavior. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing device categorizes data items as a corporate data items when a first criterion is satisfied and as personal data items when a second criterion is satisfied. The computing device provides identified corporate data items to a first backup system that stores the corporate data items to a corporate data store. The computing device further provides identified personal data items to a second backup system that stores the personal data items to a personal data store.

Abstract: A health services module can test availability of one or more applications installed in a virtual machine that is instantiated from a backup image of a virtual machine disk file. A health services module can be installed on a virtual machine to test one or more applications that a user wishes to validate. If the health services module indicates that the application(s) of the virtual machine are available, a guarantee of availability can be provided for the backup image of the virtual machine disk file. If the health services module indicates that the application(s) of the virtual machine are unavailable, no guarantee of availability can be given. The guarantee of availability can indicate that the backup image of the virtual machine disk file can be successfully restored, and that the application(s) of the virtual machine instantiated from the backup image are available to respond to a client request.

Abstract: A server computing system selects a machine learning kernel from a plurality of machine learning kernels using a plurality of training documents. The server computing system identifies a plurality of testing documents from a plurality of electronic discovery documents based on the plurality of training documents. For each of the plurality of machine learning kernels and for each testing document in the plurality of testing documents, the server computing system determines a class of the testing document using a default value for each of a plurality of parameters for the machine learning kernel and evaluates a goodness of fit of the machine learning kernel for the testing document. The server computing system selects a machine learning kernel from the plurality of machine learning kernels and determines a value for at least one of the plurality of parameters for the selected machine learning kernel using a goodness of fit test.

Abstract: A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various systems and methods for sharing data in a virtual environment are disclosed. For example, one method involves receiving a request to access data. The request can be received from a first virtual machine of a plurality of virtual machines. The method then involves retrieving a signature for the data where the signature is stored in a deduplicated data store. Next, the method involves detecting whether the signature is included in a map. In order to do so, the method compares the signature with entries in the map. The entries in the map identify data stored in RAM. The data is also stored in the deduplicated data store. If the signature is found in the map, the method involves granting the request to access the data. Otherwise, the method involves creating a new entry in the map and adding the signature to the new entry.

Abstract: A computer-implemented method for hotspot mitigation in object-based file systems may include 1) identifying a storage system including a plurality of storage devices, 2) identifying an object stored on a storage device within the plurality of storage devices, 3) identifying a level of demand to access the object, 4) creating, based at least in part on the level of demand, at least one sparse object to represent the object on at least one alternate storage device in the plurality of storage devices, and 5) fulfilling at least one read attempt to read from the object via the sparse object. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A data backup manager links data backup robustness to an external state. The data backup manager monitors the external state. Responsive to the external state, the data backup manager adjusts parameters controlling data backup, such as backup frequency, backup content, and backup retention time. The data backup manager can increase these parameters responsive to an increase in an external distress state level, and decrease them in response to a decrease in the external distress state level.

Abstract: Techniques for determining an optimal connection duration for a connection between a client device and a server across a network are disclosed. In one particular embodiment, the techniques may be realized as a method for determining an optimal connection duration for a connection between a client device and a server across a network comprising: identifying, using the client device, a network access point that communicatively couples the client device to a network; selecting a sever connection time period; initiating the connection between the client device and the server via the network based on the sever connection time period; determining whether a sever connection notification was received from the server within the sever connection time period; and adjusting the sever connection time period based on the determination.

Abstract: A file system is disclosed that includes an application wide name space instantiated in a global index (Gindex) that is used for accessing objects related to an application. Using the Gindex, a method for cache coherency includes establishing one or more appliances, each defining a storage cluster; establishing one or more tenants spanning across appliances, wherein an application stores objects in file systems associated with the appliances and tenants; establishing a Gindex including metadata relating to objects stored in association with the application; replicating the Gindex to plurality of data centers supporting the tenants; storing an original object at a first data center; storing a cached copy of the object at a second data center; aligning the cached copy using metadata for the object from a local copy of the Gindex.

Abstract: Method and apparatus for evaluating a backup policy in a computer network is described. In one example, a control limit is established for each of a plurality of backup tasks in the backup policy based on a set of backup statistics. An aggregate requirement for the backup policy is computed by combining control limits for the plurality of backup tasks. The aggregate requirement is compared with aggregate capabilities of the computer network. The backup policy is evaluated based on the results of the comparison.

Abstract: A method of detecting and blocking malicious activity of processes in computer memory during unpacking of a file after the code and data contained in the file are unpacked is described. The method includes inserting a hook function into one or more un-assessed processes running in the computer memory. A hook is then placed on one or more system calls carried out by the one or more un-assessed processes; the one or more system calls determining an optimal time period in which to detect malicious activity in the un-assessed processes. During the optimal time period the one or more system calls carried out by the one or more un-assessed processes are suspended and attributes of the one or more un-assessed processes are detected and the likely maliciousness of the one or more un-assessed processes is determined from the attributes.

Abstract: Systems and methods for permission maintenance are presented. In one embodiment, a permission maintenance method includes: gathering permission indication information including permission indications associated with various stored information; analyzing the permission indication information including analyzing potential permission indication origination; and creating interface presentation information based upon results of the analyzing the permission indications, wherein the interface presentation information includes information related to potential origination of a permission indication. The gathering can include scanning a file system and collecting active directory information. The analyzing can include determining the type of access a principal is given to a file. The analyzing can also include determining if a principal is associated with a group and the type of permissions given to the group.

Abstract: A computer-implemented method for mitigating remote authentication service unavailability. The method may include 1) monitoring an availability of a remote authentication service that an authentication system, while performing multi-factor authentications, uses to validate an authentication factor of the multi-factor authentications, 2) while monitoring the availability of the remote authentication service, detecting that the remote authentication service is unavailable, and 3) in response to detecting that the remote authentication service is unavailable, causing the authentication system to bypass the authentication factor such that the authentication system can perform authentications while the remote authentication service is unavailable. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for controlling connectivity within a wireless network. In one embodiment, connectivity control device is provided within the wireless network to disrupt the communications with neighboring nodes of any computer within a protected network. In one embodiment of the invention, all of the wireless computers within a network are logged within the connectivity control device e.g., the wireless interface card identification number is logged. When a computer within the protected network attempts to connect to a neighboring wireless node, the connectivity control device transmits a signal that disrupts the communication with a neighboring wireless node. This disruption may occur by sending a disjoin frame or signal, or other form of communication, to disconnect the unauthorized access.